Method and system for synchronously generated security waiver interface

ABSTRACT

A method and system of rendering security events in execution of a software application in a communication network. The method comprises receiving, at a memory of a server computing device, a waiver parameter specification identifying a waiver parameter in association with a recipient client device, the waiver parameter pertaining to a security violation event in accordance with a set of predetermined security policy violations, monitoring, via a processor of the server computing device, for the waiver parameter being generated, and generating, based on the monitoring, a waiver notification interface providing capability for including at least a set of successful pipeline execution results as evidence that the security violation event has been resolved.

RELATED APPLICATION

This application is a continuation of, and claims the benefit ofpriority to, U.S. patent application Ser. No. 16/534,904, filed on Aug.7, 2019. Said U.S. patent application Ser. No. 16/534,904 isincorporated by reference in the entirety herein.

TECHNICAL FIELD

The disclosure herein relates to security aspects in execution ofsoftware system applications within a networked communication andcomputing system.

BACKGROUND

Protection of safety-critical software platform infrastructures andsystems employed in healthcare, telecommunications, banking, and othercommercial and industrial uses remains a major challenge. In particular,cyberattacks can be unpredictable, and intended to compromise or inhibitsecure operation of an infrastructure or a critical component within theinfrastructure. Computer viruses, trojans, hackers, cryptographic keyrecovery attacks, malicious executables and bots may present a constantthreat to users of computers connected to public computer networks suchas the Internet and also private networks such as corporate computernetworks. In response to these threats, enterprise organizations maydeploy antivirus software and firewalls. However, such preventativeattempts may not always prove adequate.

For enterprise organizations deploying safety-critical cloud-basedsoftware system infrastructure and components, it is important to ensurethat enterprise software applications and systems operate in a secureway and are robust and resilient with regard to cyberattacks and relatedsecurity disruptions performed via a data network.

An enterprise software application security management solution thatenables organizations to monitor for critical enterprise securityfunctions and receive real-time notifications regarding waiverspotentially associated with security events, both expected andunexpected, on a timely and comprehensive basis results in lessenedenterprise disruption and more efficient functioning.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates, in an example embodiment, a system for softwareapplication execution with security waiver notifications to any of aplurality of client computing devices.

FIG. 2 illustrates, in one example embodiment, an architecture of aserver computing system for software application execution with securitywaiver notification interfaces synchronously generated to any of aplurality of client computing devices.

FIG. 3 illustrates a method of operation, in one example embodiment, ofa computing system for rendering security events concurrently withexecution of a software application.

DETAILED DESCRIPTION

Among other technical advantages and benefits, solutions provided hereinprovide a method and system of timely rendering security eventssynchronously with progressive software execution. In particular,notification interfaces may be generated based on waiver task automatonsexecuted concurrently with execution of a software. In one embodiment,the notifications generated to authorized ones of client computingdevices may present a request for waivers, exceptions, approvals andacknowledgements of security events, in view of existing securitypolicies, generated during execution of the software application. Thewaiver task automatons may monitor and report in real-time any anomaliesin security parameters, relative to expected waiver parameter values andexpected trends in waiver parameters given predetermined thresholdvalues or conditions.

In accordance with a first example embodiment, provided is a method ofrendering security events in execution of a software application in acommunication network. The method comprises receiving, at a memory ofthe server computing device, a waiver parameter specificationidentifying at least one waiver parameter in association with at leastone recipient client device of the plurality of client computingdevices, the at least one waiver parameter based at least in part on anexpected security event in the software application execution; duringconcurrent execution, in a processor of the server computing device, ofobject code of the software application, generating at least one waivertask automaton that monitors for the at least one waiver parameter; andgenerating, based on the monitoring, at a client interface of the atleast one recipient communication device, a waiver notificationinterface in accordance with concurrent execution.

In accordance with a second example embodiment, a server computingsystem that includes a processor and a memory, coupled to a plurality ofclient computing devices is provided. The memory includes instructionsexecutable to receive, at a memory of the server computing device, awaiver parameter specification identifying at least one waiver parameterin association with at least one recipient client device of theplurality of client computing devices, the at least one waiver parameterbased at least in part on an expected security event in the softwareapplication execution; during concurrent execution, in a processor ofthe server computing device, of object code of the software application,generate at least one waiver task automaton that monitors for the atleast one waiver parameter; and generate, based on the monitoring, at aclient interface of the at least one recipient communication device, awaiver notification interface in accordance with concurrent execution.

One or more embodiments described herein provide that methods,techniques, and actions performed by a computing device are performedprogrammatically, or as a computer-implemented method. Programmatically,as used herein, means through the use of code or computer-executableinstructions. These instructions can be stored in one or more memoryresources of the computing device.

Furthermore, one or more embodiments described herein may be implementedthrough the use of logic instructions that are executable by one or moreprocessors of a computing device, including a server computing device.These instructions may be carried on a computer-readable medium. Inparticular, machines shown with embodiments herein include processor(s)and various forms of memory for storing data and instructions. Examplesof computer-readable mediums and computer storage mediums includeportable memory storage units, and flash memory (such as carried onsmartphones). A server computing device as described herein utilizesprocessors, memory, and logic instructions stored on computer-readablemedium. Embodiments described herein may be implemented in the form ofcomputer processor-executable logic instructions or programs stored oncomputer memory mediums.

System Description

FIG. 1 illustrates, in an example embodiment, security waiver logicmodule 106 hosted at server computing device 101, within communicationnetwork system 100 for software application execution with concurrentnotifications to client computing devices 102. Database 103 may becommunicatively accessible to server computing device 101 (also referredto as server 101 herein) and additionally, to one or more of clientcomputing devices 102 via communication network 107.

Cloud- connected client computing devices 102 may include any of laptopcomputing device 102, desktop or workstation computing device 102b ormobile computing device 102c, collectively referred to herein as clientdevice(s) 102. Client interface module 105, when executed in a processorof client device 102 in conjunction with execution of security waiverlogic module 106 at server 101, may generate a security waiver userinterface at client device 102. The security waiver interface may berendered, in one embodiment, at a screen display user interface ofclient device 102, whereby waivers or request for process exceptions maybe solicited from, or provided to, a user.

FIG. 2 illustrates architecture 200 of server computing device 101hosting security waiver logic module 106, in an example embodiment.Server 101 or other computing system having similar functionality, mayinclude processor 201, non-transitory memory 202 that includes securitywaiver logic module 106, display screen 203, input mechanisms 204 suchas a keyboard or software-implemented touchscreen input functionality,and communication interface 207 for communicating via communicationnetwork 107.

Security waiver logic module 106 includes instructions stored in memory202 of server 101, the instructions configured to be executable inprocessor 201. Security waiver logic module 106 may comprise portions orsub-modules including waiver parameter specification module 210,concurrent execution monitoring module 211, and waiver notificationinterface module 212.

Waiver parameter specification module 210 of memory 202 of servercomputing device 101 may include a specification identifying a softwareapplication for execution, certain expected security waiver parameters210 a and threshold values or conditions 210 b for the waiver parametersbased on execution of the software application in processor 201.Subscriber computing devices 210 c may be pre-identified and specifiedas particular ones of client computing devices 102 selected, permittedor authorized to receive, view, and interact with results pertaining tosecurity waivers in execution of the software application in processor201 of server computing device 101.

In one embodiment, the specification may include, in addition to waiverparameters and threshold values or conditions, identification of certainrecipient client devices 102 associated with the respective waiverparameters in conjunction with addressing details for communication withthe recipient client devices.

Security waiver parameters 210 a may relate to industry wide andenterprise- specific security policy conditions and parametersassociated with security events, both expected and unexpected, in courseof software application execution.

Security waiver parameters 210 a may be based upon waiver requests frompipeline processing results of application execution. Users can attachmultiple security findings to a waiver. Users may optionally broaden awaiver to include more than one environment, and more than a specificserver in the communication or enterprise network. Users may also beprovided with capability to attach successful pipeline execution resultsto an existing waiver as evidence that a given security waiver findinghas been resolved.

When a violation to a security policy is found, a waiver request may begenerated from the security finding. When a user is presented withpipeline execution results, they may have the option to create a newwaiver from the security policy violations or add the policy violationsto an existing draft waiver, prior to creating a new waiver, or appendto an existing waiver, the details of the security findings. Suchdetails may include identification of the impacted system, application,environment, server device, and source code file affected, ifapplicable, and an application release and or version being developed.

Once a waiver is created, a user add extra details to the waiverspecification, such a rationale as why the waiver is being requested orcreated, a time period (a number of days, until a specific date, or inperpetuity), modify the scope of the waiver beyond the specific findingsat a given server to be expanded or extrapolated to any server in theexecution production environment. Additional security findings may beadded to the waiver request from other pipeline executions and allow forsubmitting the waiver for approval. When a waiver is approved or denied,a user or users should receive notification and have visibility to lookup the verdict or rationale rendered and any comments or notes providedby the approver or reviewer. If a waiver is approved, the securitypolicy violation pertaining thereto may be logged into database 103memory.

Threshold conditions 210 b may relate to threshold security conditionsand values to be applied to the security waiver parameters, includingvalues for quantifying or estimating the strength of a security impactif a given waiver is implemented. The threshold value or condition asset for a particular waiver parameter may serve as a constraint, whichonce exceeded, triggers or initiates generating a waiver notificationinterface.

Subscriber computing devices 210 c may be pre-identified and specifiedas particular ones of client computing devices 102 selected, permittedor authorized to receive, view, and interact with results pertaining tosecurity waivers in execution of the software application in processor201 of server computing device 101.

Concurrent execution monitoring module 211 generates, by the processorduring execution of the software application, an waiver task automatonrepresentative of waiver parameters, and during concurrent execution ofobject code of the software application in conjunction with the waivertask automaton, monitors, by the waiver task automaton, for the waiverparameters.

The waiver task automaton as generated at server computing device 101using waiver task automaton module 106, in an embodiment, is defined by,and constituted of programmable script code including datarepresentative of at least one waiver parameter or value and thethreshold condition or value. In one variation, where the specificationas created or drafted at client computing device 101 further incudesidentification and communication addressing details of third-partyrecipient communication devices, the script code of the waiver taskautomaton may further encode data pertaining to the third-partyrecipient client devices, such that the notifications and requests forwaiver may be directed to the recipient client devices. In anothervariation, the waiver task automaton as constituted or embodied ofscripting code may be enabled for application program interface (API)calls to the enterprise software application during concurrent executiontherewith at client computing device 102. The scripting code of thewaiver task automaton may include data relating to the expected resultvalues along with their respective threshold conditions as specified viawaiver parameter specification module 210, in some embodiments.

Specific representations of the waiver task automatons may be selected,in one embodiment, by a user at client computing device 102 from alibrary of waiver task automatons stored in a memory of database 103communicatively coupled to server device 101, and modified or customizedat client computing device 102 in accordance with the specificationincluding expected waiver parameters and any threshold conditions forthe expected waiver parameters, prior to being deployed for concurrentexecution with the software application. The specification may furtherinclude communication addressing details of particular client devices102 to which waiver notification interface module 212 may directcommunications from the waiver task automaton during concurrentexecution at server 101.

Once generated at server computing device 101, the waiver task automatonmay be stored in a memory of a database, such as database 103communicatively accessible to server 101, and made available to users,including users at client computing devices 102, for re-use inconjunction with execution of various third-party software applicationproducts, in one embodiment. The waiver task automaton, in such anembodiment, provides customizable ‘building blocks’ for productionexecution or software application products, including enterprisesoftware application products based on requirements specified or definedby users of computing devices 102, advantageously eliminating orminimizing the development cost, lead time, and effort in deploying thewaiver task automatons for concurrent execution with softwareapplications in a production mode.

In an embodiment, a plurality of waivers automatons may be deployedduring execution of an enterprise software security application byprocessor 201 of server computing device 101. In one embodiment, eachwaiver task automaton may be configured by individual or unique ID,identify an owner or interested party associated with a waiver, andinclude an update frequency of security data pertaining thereto, andoptionally include a rule used in monitoring waiver parameters asexecution of the software application progresses in accordance withvarious execution states.

Waiver notification module 211 monitors, during the concurrent executionof object code of the software application in conjunction with thewaiver task automaton, the waiver parameters relative to theirrespective threshold condition conditions as specified in accordancewith waiver parameter specification module 210.

The waiver task automaton may use access methods to access executionstates, interim execution results, as well as final output executionresults for the software application under execution. For example, inone embodiment, the waiver task automaton may access one or more resultsduring execution of software application using one or more applicationprogram interface (API) calls during the concurrent execution.

Waiver notification interface module 212 enables notifications to therecipient communication devices 102, synchronously generated during theconcurrent execution, that any security waiver parameter is lower andhigher in value than a preestablished threshold condition or value, orrepresents a trend that is outside of an acceptable range of securityvalues or industry security benchmarks. It is contemplated, morebroadly, that waiver task automatons described herein may monitorsoftware program execution security results pertaining to trends andaggregate data generated from interim or final software executionresults in real-time, or any result that deviates from an expectationbased on previous norms, presence or absence of certain waiverparameters or values, and an expectation or confirmation as to whethervarious execution security files and services exist and are functioningas intended.

The waiver task automaton generates a communication to notify one ormore recipient communication devices as specified in accordance withwaiver parameter specification module 210 and concurrent executionmonitoring module 211 that an important or unusual security event hasoccurred, such as when a waiver parameter value is out of control orunexpected relative to the predetermined or pre-established thresholdconditions. In one embodiment, recipient communication devices may bethird-party recipient communication devices that are not be enabled fordirectly addressing nor accessing the software application underexecution at client computing device 102. Recipient communicationdevices may be selected, for example, the client system or customer'sinformation technology support group or a vendor of the third-partyenterprise software application, to receive alerts or notifications. Ingeneral, the waiver task automatons provided herein make more certainthat waivers generated are up to date and responsive to changed securitycircumstances in accordance with the software program execution.

In one variation, where the specification further incudes identificationof a third-party recipient communication device 102, the script code ofthe waiver task automaton may further encode data pertaining to thethird-party recipient communication device, such that notifications maybe directed or communicated to the third-party recipient communicationdevice 102.

In one illustrative embodiment, the specification may include arepresentation of key security performance indicators (security KPIs)related to software application concurrent execution in conjunction withwaiver task automatons The KPIs may be used to establish thresholdsecurity values or conditions, such as based on industry securitybenchmarking or benchmarking customized to a particular enterprise, formonitoring by the waiver automatons during software execution.

Methodology

FIG. 3 illustrates a method 300 of operation, in one example embodiment,of a computing system for rendering security events concurrently withexecution of a software application, method 300 being performed by oneor more processors 201 of server computing device 101. In describing theexample of FIG. 3, reference is made to the examples of FIG. 1 and FIG.2 for purposes of illustrating suitable components or elements forperforming a step or sub-step being described.

Examples of method steps described herein relate to the use of clientcomputing device 102 including security waiver logic module 106 forimplementing the techniques described. According to one embodiment, thetechniques are performed by client computing device 102 in response tothe processor 201 executing one or more sequences of software logicinstructions that constitute security waiver logic module 106. Inembodiments, security waiver logic module 106 may include the one ormore sequences of instructions within sub-modules including waiverparameter specification module 210, concurrent execution monitoringmodule 211, andwaiver notification interface module 212. Suchinstructions may be read into memory 202 from machine-readable medium,such as memory storage devices. In executing the sequences ofinstructions contained in waiver parameter specification module 210,concurrent execution monitoring module 211, and waiver notificationinterface module 212 of security waiver logic module 106 in memory 202,processor 201 performs the process steps described herein. Inalternative implementations, at least some hard-wired circuitry may beused in place of, or in combination with, the software logicinstructions to implement examples described herein. Thus, the examplesdescribed herein are not limited to any particular combination ofhardware circuitry and software instructions. Additionally, it is alsocontemplated that in alternative embodiments, the techniques herein, orportions thereof, may be distributed between the computing devices 102and server computing device 101. For example, computing devices 102 mayperform some portion of functionality described herein with regard tovarious modules of which security waiver logic module 106 is comprised,and transmit data to server 101 that, in turn, performs at least someportion of the techniques described herein.

At step 310, processor 201 executes instructions of waiver parameterspecification module 210 to receive, at a memory 202 of the servercomputing device 101, a waiver parameter specification identifying atleast one waiver parameter in association with at least one recipientclient device of the plurality of client computing devices 102, the atleast one waiver parameter based at least in part on an expectedsecurity event in the software application execution.

In one embodiment, the specification may include waiver parameters,threshold values or conditions and identification of recipient clientdevices for receiving notifications in conjunction with addressingdetails for communication with the recipient client devices. Asdescribed herein, individual ones of laptop, desktop or workstation, andmobile client computing devices 102a- c as depicted in FIG. 1 may becollectively referred to as client computing device 102. Recipientcommunication devices may be specified, at waiver parameterspecification module 210, as any one of more of client computing devices102.

In one embodiment, the software application comprises a enterprisesoftware security application, and the waiver parameters with thresholdvalue values established pertain to one or more of software and systemsecurity benchmarks, a security performance indicator (KPI) value.

At step 320, processor 201 of server computing device 101 executesinstructions included in concurrent execution monitoring module 211 to,during concurrent execution of object code of the software application,generate at least one waiver task automaton that monitors for the atleast one waiver parameter.

The waiver task automaton as generated at server computing device 101using concurrent execution monitoring module 211 of waiver taskautomaton module 106, in an embodiment, is defined by programmablescript code including data relating to one or more expected resultvalues and the threshold values or conditions. In one variation, thescript code of the waiver task automaton may further encode datapertaining to the third-party recipient computing devices 102, such thatnotification transmissions may be directed to the recipient devices. Inanother variation, the waiver task automaton as constituted or embodiedof scripting code may be enabled for application program interface (API)calls to the enterprise software application during concurrent executiontherewith at client computing device 102. The scripting code of thewaiver task automaton may include data relating to the expected resultvalues along with their respective threshold conditions as specified viawaiver parameter specification module 210, in some embodiments.

The waiver task automaton, in another embodiment, may be configured atserver device 101, at least in part based on a library of waiver taskautomatons stored in a memory of database 103 communicatively coupled toserver device 101, in accordance with the specification includingexpected waiver parameters and any threshold values for the waiverparameters, prior to being deployed for concurrent execution with thesoftware application. The specification may further includecommunication addressing details of recipient communication devices towhich waiver notification interface module 212 may direct communicationsfrom the waiver task automaton during the concurrent execution.

Once generated at server computing device 101, the waiver task automatonmay be stored in a memory of a database, such as database 103communicatively accessible to server 101, and made available for re-usein conjunction with execution of software security services applicationproducts.

Still in regard to step 320, processor 201 executes instructionsincluded in concurrent execution monitoring module 211, to monitor,during concurrent execution, in the processor, of object code of thesoftware application in conjunction with the waiver task automaton, bythe waiver task automaton, for waiver parameters. The monitoring may beaccomplished, in one embodiment, using application program interface(API) calls to the software application during the concurrent execution.

The waiver task automaton may use access methods to access executionstates, interim execution results, as well as final output executionresults for the software application under execution. For example, inone embodiment, the waiver task automaton may access one or more resultsduring execution of software application using one or more applicationprogram interface (API) calls during the concurrent execution.

The threshold values or conditions, in one embodiment, provide basis fordeciding whether to transmit one or more waiver parameters to a clientinterface of client devices 102 for waiver when a value of the securitywaiver parameter is either lower or higher than a threshold value forthe result parameter as established in the specification via waiverparameter specification module 210.

At step 330, processor 201 executes instructions included in waivernotification interface module 212, to generate, based on the monitoring,a waiver notification interface in accordance with concurrent executionto client interface 105 of specific authorized client devices of therecipient communication devices 102.

The waiver task automaton transmits a communication or notification tonotify one or more recipient communication devices as specified inaccordance with waiver parameter specification module 210 and concurrentexecution monitoring module 211 that a security related exception hasoccurred or a security parameter breached, such as a security parametervalue being out of control or unexpected relative to the pre-establishedthreshold conditions or KPI values.

The notification transmission may solicit a waiver of the resultparameter at the client interface of recipient device 102. A user at aclient interface of recipient client device 102 may be presented withthe option to provide anyone or more of a waiver, a dis-waiver ordispute, a modification to the threshold value, or anotheracknowledgement action regarding the notification received thereon fromwaiver notification interface module 212 of server device 101.

In one embodiment, the waiver may relate to a security policy violationor anticipated violation.

Upon generation of a waiver, such as at a client interface on a displayscreen of recipient device 102, the waiver may be transmitted to memory101 of the server computing device 101, wherein the memory maintains adatabase record of all waivers associated with the security policyviolation or anticipated security policy violation.

In another variation of the waiver, the user at client device 102 mayalso modify or dispute the waiver or security event based upon thewaiver notification, again with a similar result of the modification ordispute being transmitted to memory 101 of the server computing device101, wherein the memory maintains a database record of a waiver and anyassociated modifications with security policy concern or violation.

It is contemplated for embodiments described herein to extend toindividual elements and concepts described herein, independently ofother concepts, ideas or system, as well as for embodiments to includecombinations of elements in conjunction with combinations of stepsrecited anywhere in this application. Although embodiments are describedin detail herein with reference to the accompanying drawings, it is tobe understood that the invention is not limited to those preciseembodiments. As such, many modifications and variations will be apparentto practitioners skilled in this art. Accordingly, it is intended thatthe scope of the invention be defined by the following claims and theirequivalents. Furthermore, it is contemplated that a particular featuredescribed either individually or as part of an embodiment can becombined with other individually described features, or parts of otherembodiments, even if the other features and embodiments make no mentionof the particular feature. Thus, the absence of describing combinationsshould not preclude the inventors from claiming rights to suchcombinations.

What is claimed is:
 1. A method of rendering a security event inexecution of a software application in a server computing devicecommunicatively coupled to a plurality of client computing devices, themethod comprising: receiving, at a memory of the server computingdevice, a waiver parameter specification identifying at least one waiverparameter in association with at least one recipient client device ofthe plurality of client computing devices, the at least one waiverparameter pertaining to a security violation event in accordance with aset of predetermined security policy violations; monitoring, via aprocessor of the server computing device, for the at least one waiverparameter being generated in accordance with the with the securityviolation event; and generating, based on the monitoring, a waivernotification interface providing capability for including at least a setof successful pipeline execution results as evidence that the securityviolation event has been resolved.
 2. The method of claim 1 furthercomprising transmitting the waiver notification interface to the atleast one recipient client device.
 3. The method of claim 2 wherein thewaiver notification interface renders, via the at least one recipientclient device, an option to create a new waiver in relation to the setof predetermined security policy violations.
 4. The method of claim 3wherein the new waiver relates to an anticipated security policyviolation.
 5. The method of claim 3 wherein the waiver notificationinterface is configured to render at least one of: the new waiver, amodification to the waiver parameter, and an acknowledgement actionpertaining to enactment of the new waiver.
 6. The method of claim 1wherein the waiver notification interface is generated upon the waiverparameter exceeding a threshold waiver parameter value.
 7. The method ofclaim 6 wherein the threshold waiver parameter value is specified in thewaiver parameter specification.
 8. The method of claim 6 wherein thethreshold waiver parameter value is based at least in part upon avariance from a prior waiver parameter in a prior execution of thesoftware application.
 9. The method of claim 6 wherein the thresholdwaiver parameter value is based at least in part upon a securityperformance indicator (security KPI) value.
 10. The method of claim 1wherein the monitoring comprises at least one application programinterface (API) call to the software application during the execution.11. A server computing device coupled to a plurality of client computingdevices in a communication network, the server computing devicecomprising: a processor; a memory storing a set of instructions, theinstructions when executed in the processor, causing the processor toimplement operations comprising: receiving, at a memory of the servercomputing device, a waiver parameter specification identifying at leastone waiver parameter in association with at least one recipient clientdevice of the plurality of client computing devices, the at least onewaiver parameter pertaining to a security violation event in accordancewith a set of predetermined security policy violations; monitoring, viaa processor of the server computing device, for the at least one waiverparameter being generated in accordance with the with the securityviolation event; and generating, based on the monitoring, a waivernotification interface providing capability for including at least a setof successful pipeline execution results as evidence that the securityviolation event has been resolved.
 12. The server computing device ofclaim 11 further comprising transmitting the waiver notificationinterface to the at least one recipient client device.
 13. The servercomputing device of claim 12 wherein the waiver notification interfacerenders, via the at least one recipient client device, an option tocreate a new waiver in relation to the set of predetermined securitypolicy violations.
 14. The server computing device of claim 13 whereinthe new waiver relates to an anticipated security policy violation. 15.The server computing device of claim 13 wherein the waiver notificationinterface is configured to render at least one of: the new waiver, amodification to the waiver parameter, and an acknowledgement actionpertaining to enactment of the new waiver.
 16. The server computingdevice of claim 11 wherein the waiver notification interface isgenerated upon the waiver parameter exceeding a threshold waiverparameter value.
 17. The server computing device of claim 16 wherein thethreshold waiver parameter value is specified in the waiver parameterspecification.
 18. The server computing device of claim 16 wherein thethreshold waiver parameter value is based at least in part upon avariance from a prior waiver parameter in a prior execution of thesoftware application.
 19. The server computing device of claim 16wherein the threshold waiver parameter value is based at least in partupon a security performance indicator (security KPI) value.
 20. Theserver computing device of claim 11 wherein the monitoring comprises atleast one application program interface (API) call to the softwareapplication during the execution.